Govern how the outside world reaches your ArcGIS services.
PTM sits in front of ArcGIS Server and turns every external request into a managed, attributable, rate-limited transaction — without changing the upstream platform.
Every shared service is a risk you cannot see.
ArcGIS Enterprise services inevitably reach beyond the firewall. Partner organisations, contractors, field crews, citizen-facing applications — all of them need the data. Each access point is a question the platform alone cannot answer: who is calling, how often, with what right, and is that right still current?
Proxy Token Manager makes those questions a matter of operational routine, not investigation.
One gateway. Per-consumer policy. Full audit trail.
PTM is a gateway layer that sits between ArcGIS Server and every external consumer. For each consumer — partner, contractor, application, tenant — it issues an isolated access policy: a unique API token, a referrer restriction, an IP allowlist, a rate limit.
Every request is validated at the perimeter, approved traffic is forwarded to the upstream service, and every transaction is written to an auditable database. Expired tokens are revoked on schedule. When a new ArcGIS service is added, the gateway configuration regenerates itself. The platform behind it stays untouched.
What PTM adds to your platform.
Per-consumer tokens
Each partner, contractor, or application receives its own API token, scoped to specific services, referrers, and IP ranges. Trust is granted per consumer, not per network.
Per-request audit trail
Every request — internal, external, anonymous, authenticated — is written as a structured row in PostgreSQL: timestamp, consumer identity, request path, source IP, status, response time. Compliance evidence by default.
Rate limiting at the perimeter
Per-consumer rate limits prevent any single integration from consuming a disproportionate share of upstream ArcGIS Server capacity. Anomalies surface as 429s in the audit log, not as performance incidents in production.
Lifecycle automation
Token expiry, allowlist changes, retention pruning, and gateway configuration regeneration all run on schedule. The operator owns policy. The system owns plumbing.
Adding a partner takes one click.
When you register a new consumer, PTM produces a per-consumer onboarding artefact — a PDF with the API key, the assigned service paths, the rate limit, and copy-paste integration code for the ArcGIS Maps SDK for JavaScript, Leaflet, and OpenLayers.
A week of email becomes a calendar invite.
- ◆ Per-consumer API key and scoped service paths
- ◆ Referrer and IP allowlists
- ◆ Token expiry and renewal schedule
- ◆ Ready-to-paste code for ArcGIS JS SDK, Leaflet, OpenLayers
Your existing platform does not change.
Portal for ArcGIS and ArcGIS Server keep running exactly as they did before. PTM only adds a perimeter in front of them — and makes everything that was previously invisible at that perimeter visible.
- ◆ Runs alongside ArcGIS Enterprise without configuration changes
- ◆ Deployed on-premises or in your own cloud environment
- ◆ PostgreSQL audit store, NGINX-based perimeter, declarative config
- ◆ No agent inside your ArcGIS environment, no DB schema modifications
Bring governance to your shared services.
Request a walkthrough, a demo against your own services, or pricing for your environment.